The #s390x open source software team at IBM confirms the latest versions of various software packages run well on #Linux on #IBMZ & #LinuxONE 🐧

In October 2025 validation was maintained for two dozen projects, including #ApacheActiveMQ #InfluxDB & #Rails 🎉

We also on-boarded libdfp & qsv to our new hosted GitHub Actions runners, and saw Rarr add CI and VictoriaTraces begin releasing binaries 🎁

Details in my monthly report: https://community.ibm.com/community/user/blogs/elizabeth-k-joseph1/2025/11/19/linuxone-open-source-report-october-2025

🚨 Attackers exploiting a critical Apache ActiveMQ vuln (CVE-2023-46604) are not only breaking in but patching the flaw afterward to hide their tracks! Using malware DripDropper, they maintain stealthy control over Linux servers. A rare and clever tactic to watch out for! 🛡️🔥 #Cybersecurity #InfoSec #ApacheActiveMQ https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/
#newz

ActiveMQ Artemis 2.38.0 was released last week. Discover the latest enhancements and improvements by checking out the release notes: https://activemq.apache.org/components/artemis/download/release-notes-2.38.0
#ApacheActiveMQ

Currently, @SimonMartinelli is teaching JMS with #SpringBoot at the University of Applied Science in Bern, Switzerland. They use #ApacheActiveMQ #Artemis as their JMS message broker. But how to test their Spring Boot application?

https://foojay.io/today/testing-spring-boot-jms-with-activemq-artemis-and-testcontainers/

#java #foojaytip

🏴‍☠️ Set sail on a cyber adventure! Dive into our latest blog 'Navigating the Treacherous Waters of Apache ActiveMQ' and uncover the dark secrets of GoTitan and PrCtrl Rat. Ready yer defenses, mateys! #Cybersecurity #ApacheActiveMQ #GoTitan #PrCtrlRat 🌊⚔️: https://cybercorsair.blogspot.com/2023/11/sailing-cyber-seas-navigating_29.html

Widespread exploitation of CVE-2023-46604, a remote code execution vulnerability in #ApacheActiveMQ, is underway. While initial reports came out about a week ago, it appears that the exploitation has increased in the last few days. See more at https://viz.greynoise.io/tag/apache-activemq-rce-attempt?days=3

"⚠️ Critical RCE Alert: 3,000 Apache ActiveMQ Servers at Risk! ⚠️"

Over 3,000 Apache ActiveMQ servers are exposed online, vulnerable to a critical RCE flaw (CVE-2023-46604, CVSS v3: 10.0). Immediate patching is urged to prevent potential data theft and network compromise. Stay vigilant! 🛡️💻

Apache ActiveMQ is an open-source message broker for secure communication between clients and servers, supporting Java and various cross-language clients and protocols like AMQP, MQTT, OpenWire, and STOMP.

The flaw in question is CVE-2023-46604, a critical severity (CVSS v3 score: 10.0) RCE that allows attackers to execute arbitrary shell commands by exploiting class types in the OpenWire protocol.

According to Apache's disclosure on October 27, 2023, this vulnerability affects the following Apache ActiveMQ and Legacy OpenWire Module versions:

• Versions before 5.18.3 in the 5.18.x series
• Versions before 5.17.6 in the 5.17.x series
• Versions before 5.16.7 in the 5.16.x series
• All versions before 5.15.16

To address this issue, fixes have been released in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. It's recommended to upgrade to one of these versions to enhance your IT security.

Tags: #CyberSecurity #RCE #ApacheActiveMQ #Vulnerability #PatchNow #InfoSec #ServerSecurity #CVE202346604 🚨🔐

Source: BleepingComputer

Author: Bill Toulas